FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Secure boot issue for i.MX8MQ

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secure boot issue for i.MX8MQ

‎07-02-2024 08:40 PM
223 Views
Derek0902
Contributor II

Hi,

I used my i.MX8MQ custom board to develop secure boot by following this document [mx8m_secure_boot.txt] . After I program SEC_CONFIG[1] fuse on devices, it cannot boot up.

Is there anything wrong? 

Derek0902_1-1719977897983.png

Derek0902_0-1719977854043.png

 

Regards,

Derek Lin

 

0 Kudos
Reply
3 Replies

‎07-02-2024 10:39 PM
203 Views
Harvey021
NXP TechSupport
NXP TechSupport

Hi 

There is problem with SPL verify hash.

Have you run hab_status to verify your signing imge before close the device?

Can you share how you sign, csf files?

 

Regards

Harvey

0 Kudos
Reply

‎07-02-2024 10:50 PM
200 Views
Derek0902
Contributor II

Hi @Harvey021 ,

 

hab_status : 

Derek0902_0-1719985361138.png

flash.bin build log:

Offset_dump.png

print_fit_hab build log:

Fit_hab.png

csf_spl.txt:

[Header]
    Version = 4.3
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # Index of the key location in the SRK table to be installed
    File = "../../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Key used to authenticate the CSF data
    File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]
    # Leave Job Ring and DECO master ID registers Unlocked
    Engine = CAAM
    Features = MID

[Install Key]
    # Key slot index used to authenticate the key to be installed
    Verification index = 0
    # Target key slot in HAB key store where key will be installed
    Target index = 2
    # Key to install
    File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    Blocks = 0x7e0fc0 0x1a000 0x3a400 "flash.bin"

csf_fit.txt:

[Header]
    Version = 4.3
    Hash Algorithm = sha256
    Engine = CAAM
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # Index of the key location in the SRK table to be installed
    File = "../../crts/SRK_1_2_3_4_table.bin"
    Source index = 0

[Install CSFK]
    # Key used to authenticate the CSF data
    File = "../../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate CSF]

[Install Key]
    # Key slot index used to authenticate the key to be installed
    Verification index = 0
    # Target key slot in HAB key store where key will be installed
    Target index = 2
    # Key to install
    File = "../../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 2
    # Authenticate Start Address, Offset, Length and file
    Blocks = 0x401fadc0 0x057c00 0x001020 "flash.bin", \
             0x40200000 0x05CC00 0x10ECB0 "flash.bin", \
             0x4030ECB0 0x16B8B0 0x00DF60 "flash.bin", \
             0x00910000 0x179810 0x00A0E0 "flash.bin", \
             0xFE000000 0x1838F0 0x08A350 "flash.bin"

 

Regards,

 

Derek Lin

 

0 Kudos
Reply

‎07-03-2024 12:12 AM
194 Views
Harvey021
NXP TechSupport
NXP TechSupport

As need your PKI, and signing images ...etc. Will send you email.

 

Regards

Harvey

0 Kudos
Reply